Twitter Apologizes for Unencrypted Passwords

A-twitter-application-on-a-phone

Time to change your Twitter passwords! A warning that all users should change their passwords came from Twitter itself after it was revealed that user passwords were stored unencrypted on company servers. Though at this time there’s no indication your passwords were shared with anyone outside of Twitter, employees did have access to these unencrypted keys.

Twitter did apologize, and though we would’ve liked to see compassion included a bit earlier in the message it’s not a bad piece of crisis communications:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

About The Bug

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Tips on Account Security

Again, although we have no reason to believe password information ever left Twitter’s systems or was misused by anyone, there are a few steps you can take to help us keep your account safe:

  1. Change your password on Twitter and on any other service where you may have used the same password.
  2. Use a strong password that you don’t reuse on other websites.
  3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
  4. Use a password manager to make sure you’re using strong, unique passwords everywhere.

We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.

Having a data breach falls firmly into the “predictable crisis” category for any business today, which brings me to a question – when’s the last time you went through a tested your own ability to respond to the predictable crises that threaten your operations? In a world where responding quickly is critical, you lose valuable time scrambling to create a response after the fact. Know your risk factors, be prepared, and deploy as needed.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

We love to connect with readers on LinkedIn! Connect with Jonathan | Connect with Erik

Continuing Operations in a Crisis

Two-colleagues-working-on-their-desk-in-their-office.

We see one simple fact overlooked often in crisis planning – you can’t divert 100% of your assets to recover from an issue when there’s still a business to run. This video from Rave Mobile Safety looks at telling stats about how prepared organizations really are for crisis management, and how many would truly be able to weather a storm without letting day-to-day operations slip.

Too often organizations assume they’ll be able to maintain operations and manage an ugly situation when the reality is the folks in critical roles are often already stretched too thin. Leveraging technology and careful planning, along with actually practicing use of both, is critical to surviving the inevitable negativity every organization encounters at one time or another.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

We love to connect with readers on LinkedIn! Connect with Jonathan | Connect with Erik

[Guest Post] Is it time to review your business continuity plan?

A-business-man-reviewing-a-document-with-his-secretary.

[Editor’s note: Thank you to Kamy Anderson for sharing this post about the importance of regularly reviewing your business continuity plans.]

A business continuity plan is a must-have in today’s ever changing and volatile market. A carefully and strategically devised business continuity plan has one sole purpose – to ensure your company’s continued existence, even after facing a disaster or major disruption.

It is important to note, that such a plan is not set in stone. It should be reviewed and modified accordingly. However, since it may be challenging to do so on a busy schedule, it is important to know the hows and whens.

Let’s see how a learning management system can help you regularly review your business continuity plan, and when the right time to review it is.

Why You Need to Review Your Business Continuity Plan

Now that we’ve explained why it’s important to have one, we will go over why you need to review your business continuity plan. First of all, in order to be considered a business plan, any plan has to be kept up-to-date and work reliably, and the BCP is no different.

When you decide to review your business plan, you first need to make sure that both of these points are properly addressed. .

To make an efficient plan you also have to assess the various risks. The general business operation risk category consists of market, industry and environmental changes. Here are the most common ones to pay attention to:

  1. The competition has entered the market with a better product or service than yours, and at a lover price
  2. Your target audience’s focus and needs have shifted to another product or service, which may not be better than yours, but has features or functionality that yours doesn’t.
  3. There is an imminent cyber threat which may affect your business or your clients.
  4. You are operating in a country with an unstable political climate.
  5. You are dealing with hazardous materials and/or chemicals.
  6. There is a risk of an epidemic illness breaking out in the country where your offices are.
  7. A key employee decides to leave the company, or dies unexpectedly.

These are just some of the risks that every business may have to deal with. It is important to pinpoint the risks that are specific to your business operation and incorporate strategies to deal with them if they become reality. All of these risks can also change over time, making your plan obsolete and ineffective. Thus, the BCP review becomes a standard and must-have procedure. And it seems that this becomes a trend in the SMBs ecosystem.

When to Review your Business Continuity Plan

Now that you know why it is important to review your BCP, let’s see when you should do it. As you might have guessed, the review process can eat up a big chunk of your and everyone else’s time. This is why it is important to learn when to review it.

The first indicator that tells you to assess the reliability of your BCP are changes to the way your company operates. Every time you change something, whether it is for internal or external reasons, you should revisit your BCP. What are these changes we are talking about? Here are the few examples:

  1. If you decide to launch a new product or service.
  2. If you decide to implement new software, technology, or hardware.
  3. If you move to another location.
  4. If you decide to penetrate a new market.
  5. If any of the departments change priority levels, for instance functionality before the design.

Now that we’ve covered changes in company operations, we should address changes to the people in your business. These changes also present a certain risk to your business operation, so let’s see which ones necessitate an immediate BCP review:

  1. If you, for any reason, lose key staff (for instance department managers).
  2. If you hire a batch of new employees.
  3. If you experience a PR crisis.
  4. If you have to change the responsibilities of your staff.
  5. If you dispatch your staff to a new business location.
  6. If the skillset of your staff becomes obsolete and they are unable to meet the new business operation requirements regarding policies and procedures.

Best Post-Review Policy

Starting with your business continuity planning team, everyone in your company should be on board with the procedures and policies it contains. In addition to identifying new risks, reviewing the plan and updating it, you should also make sure to notify the stakeholders about the latest changes.

You never know when you will need to put this plan into action. This is why the key people in your company should be informed of its location and how they can access it. If you want to minimize the risk of confusion, make sure that you keep only the latest, updated version of your BCP. If you have printed old versions of the BCP, be sure to discard them.

And lastly, you should put your new BCP to the test. You have to make sure that it works before you adopt it as an official BCP document. Review each procedure, asset and resource that is crucial for the success of BCP and make sure that you didn’t make any oversights.

How Can a Learning Management System Help

Since BCP is a document containing valuable information, you should definitely consider using it as training material. Keeping the key people and other employees in the loop with the latest changes can quickly turn into a daunting task. This is why more and more business leverage the power of a learning management system to distribute information that is crucial for business success.

By using online eLearning software, powered by the latest learning management system, you can streamline the majority of the efforts surrounding the BCP review, update and information distribution. In addition, your BCP will be kept on a remote and safe location, accessible from any location and device.

Thanks to the revision history and notification system, you will be able to keep everyone responsible in the loop, with as little effort as possible. Not to mention that you can continue to use the learning management system to organize continuous training and learning opportunities for your staff.

Start Your Review Before It’s Late

The business continuity plan is a must-have strategy for businesses in all industries. Hopefully we have helped you understand the importance of devising one and when to review it. Also, you could see that the writing, reviewing and distribution of a BCP becomes an easy and less risky activity if you do it with the assistance of a learning management system.

Kamy Anderson is an ed-tech enthusiast with a passion for writing on emerging technologies in the areas of corporate training and education. He is an expert in learning management system & elearning authoring tools – currently associated with ProProfs.